Time
57 minutes
Difficulty
Beginner
CEU/CPE
1

Video Transcription

00:01
welcome to the second part of the course.
00:03
Now we're gonna go ahead and log in to the Windows seven Land machine user, user name, administrator
00:10
password is password within that sign.
00:15
Once we're in, we're gonna go to the start menu Type in sec, Paul, I'm a dot MSC and hit Enter.
00:30
Once we're there, we're gonna go to a local policies and then click on audit policy. The audit object asked access and then double click on that.
00:43
You want to check both boxes
00:45
under audit these attempts? So success and failure and then click. Okay.
00:58
Next, we're gonna open a file Explorer window and go to see program files Splunk bin and then Splunk, Dottie XY
01:26
right click on Splunk and then hit properties. And then from there we're gonna click on the security top and then go to advanced.
01:36
Next, we're gonna click on auditing and then click at it.
01:38
Go ahead and hit ad and then type everyone into the field
01:47
once you click. Okay, there'll be a window that pops up in that window. You're gonna check everything under successful and failed and then click OK again
01:59
once you're finished with this, go ahead. and reboot your machine.
02:10
Now we're gonna go ahead and verify the auditing. So we're gonna go back to Kelly.
02:25
Once you're back in Cali, click applications and then go to Internet and then click ice weasel for your browser
02:38
in the browser, you're gonna type http dot dot slash slash 192.168 dot 0.20 colon 8000.
03:05
Quick continue
03:08
doesn't click. Search in reporting
03:13
and then click on reports.
03:22
Now we're going to go back and log into the window. Seven. Machine.
03:37
Go to the start menu in type in event viewer. Dottie XY.
03:50
Under Windows logs, click on Security
03:58
and then in the right pane, click find and in the box that pops up type Splunk, Dottie XY and hit Find.
04:25
Go ahead and find the last five object access logs. First bunk.
05:43
In this lab, you learn how to skin a network with and map utility, identify access to a ***, server object and audit. Love

Up Next

Introduction to SIEM Tools

In this SIEM training course, you will learn the basics of a Security Information Event Manager (SIEM) and how and why these are used in a SOC.

Instructed By

Instructor Profile Image
Gabrielle Hempel
Instructor